Wave Life Sciences
IT Cybersecurity Co-op (Spring 2026)
Wave Life Sciences, Lexington, Massachusetts, United States, 02173
Cybersecurity Co-Op
Wave Life Sciences is a biotechnology company focused on unlocking the broad potential of RNA medicines to transform human health. Our RNA medicines platform, PRISM, combines multiple modalities, chemistry innovation and deep insights in human genetics to deliver scientific breakthroughs that treat both rare and prevalent disorders. Our toolkit of RNA-targeting modalities includes editing, splicing, RNA interference and antisense silencing, providing us with unmatched capabilities for designing and sustainably delivering candidates that optimally address disease biology. Our diversified pipeline includes clinical programs in Duchenne muscular dystrophy, Alpha-1 antitrypsin deficiency and Huntington's disease, as well as a preclinical program in obesity. Driven by the calling to "Reimagine Possible", we are leading the charge toward a world in which human potential is no longer hindered by the burden of disease. Wave Life Sciences is seeking a motivated and detail-oriented Cybersecurity Co-Op to join our IT Security team for a six-month full-time assignment. In this role, you will gain hands-on experience across multiple areas of enterprise cybersecurity including threat monitoring, vulnerability management, identity and access initiatives, third-party risk assessments, AI/ML security, policy and compliance, and security awareness programs. This is an opportunity to work closely with security engineers and IT leaders, develop technical and analytical skills, and directly contribute to the protection of Wave's systems, data, and people. Responsibilities
Assist in threat monitoring, response, and security tools integration Support the Security Operations Center (SOC) by monitoring alerts from CrowdStrike and other security platforms, investigating suspicious activity, and escalating incidents following defined playbooks. Learn how to perform initial triage and enrichment of security events, document findings, and contribute to root-cause analyses. Identify integration and ingestion points for security tools, focusing on improving telemetry and automation within the CrowdStrike platform and related systems. Vulnerability management Assist in scheduling, running, and reviewing vulnerability scans across endpoints, servers, cloud environments, and network infrastructure. Track remediation efforts in collaboration with IT operations teams, ensuring patches and fixes are applied in a timely manner. Help maintain reporting dashboards to communicate remediation progress, trends, and compliance against defined SLAs. Support zero trust and identity initiatives Participate in projects to advance Wave's Zero Trust strategy, including implementation of passwordless authentication methods and biometric access controls. Assist in reviewing role-based access control (RBAC) configurations to ensure least-privilege principles are consistently applied. Contribute to documentation and testing for new identity governance initiatives, including access recertification and MFA expansion. Third-party risk assessment Support the evaluation of IT vendors and managed service providers (MSPs) by gathering documentation, reviewing security questionnaires, and scoring vendor cybersecurity posture. Help maintain third-party risk registers, coordinate remediation plans with vendor contacts, and track progress against action items. Learn how to leverage tools such as BlackKite to expand third-party risk insights and reporting. AI and ML risk support Contribute to cyber-AI risk assessments, focusing on the security and governance of open-source machine learning tools and large language model (LLM) integrations. Assist in documenting risks related to data privacy, model security, and supply-chain vulnerabilities. Support the development of mitigation strategies and tracking of open AI-related risks. Policy and compliance support Assist in reviewing, updating, and publishing cybersecurity policies and procedures to ensure alignment with evolving best practices and regulatory requirements. Help manage the Written Information Security Program (WISP) and related documentation. Support mock assessments and evidence collection for frameworks such as ISO 27001 and NIST CSF to prepare for external audits. Security awareness and training Assist in designing, executing, and analyzing phishing simulations and security awareness campaigns. Help deliver cybersecurity training sessions, gather feedback, and identify opportunities for improvement. Contribute to the development of shorter, focused training modules to increase employee engagement and knowledge retention. Qualifications
Enrolled in a Computer Science or a related field bachelor's degree program at an accredited college/university. A GPA of 3.0 or higher is preferred. Strong Windows OS background. Strong written and verbal communication skills. Must be well-organized and have the ability to work in a team environment. Ability to manage responsibilities in a fast-paced environment. Able to take direction needed to resolve incidents quickly and effectively. Able to complete routine tasks independently over time. This includes gaining the functional, technical, and problem-solving skills needed to complete assignments.
Wave Life Sciences is a biotechnology company focused on unlocking the broad potential of RNA medicines to transform human health. Our RNA medicines platform, PRISM, combines multiple modalities, chemistry innovation and deep insights in human genetics to deliver scientific breakthroughs that treat both rare and prevalent disorders. Our toolkit of RNA-targeting modalities includes editing, splicing, RNA interference and antisense silencing, providing us with unmatched capabilities for designing and sustainably delivering candidates that optimally address disease biology. Our diversified pipeline includes clinical programs in Duchenne muscular dystrophy, Alpha-1 antitrypsin deficiency and Huntington's disease, as well as a preclinical program in obesity. Driven by the calling to "Reimagine Possible", we are leading the charge toward a world in which human potential is no longer hindered by the burden of disease. Wave Life Sciences is seeking a motivated and detail-oriented Cybersecurity Co-Op to join our IT Security team for a six-month full-time assignment. In this role, you will gain hands-on experience across multiple areas of enterprise cybersecurity including threat monitoring, vulnerability management, identity and access initiatives, third-party risk assessments, AI/ML security, policy and compliance, and security awareness programs. This is an opportunity to work closely with security engineers and IT leaders, develop technical and analytical skills, and directly contribute to the protection of Wave's systems, data, and people. Responsibilities
Assist in threat monitoring, response, and security tools integration Support the Security Operations Center (SOC) by monitoring alerts from CrowdStrike and other security platforms, investigating suspicious activity, and escalating incidents following defined playbooks. Learn how to perform initial triage and enrichment of security events, document findings, and contribute to root-cause analyses. Identify integration and ingestion points for security tools, focusing on improving telemetry and automation within the CrowdStrike platform and related systems. Vulnerability management Assist in scheduling, running, and reviewing vulnerability scans across endpoints, servers, cloud environments, and network infrastructure. Track remediation efforts in collaboration with IT operations teams, ensuring patches and fixes are applied in a timely manner. Help maintain reporting dashboards to communicate remediation progress, trends, and compliance against defined SLAs. Support zero trust and identity initiatives Participate in projects to advance Wave's Zero Trust strategy, including implementation of passwordless authentication methods and biometric access controls. Assist in reviewing role-based access control (RBAC) configurations to ensure least-privilege principles are consistently applied. Contribute to documentation and testing for new identity governance initiatives, including access recertification and MFA expansion. Third-party risk assessment Support the evaluation of IT vendors and managed service providers (MSPs) by gathering documentation, reviewing security questionnaires, and scoring vendor cybersecurity posture. Help maintain third-party risk registers, coordinate remediation plans with vendor contacts, and track progress against action items. Learn how to leverage tools such as BlackKite to expand third-party risk insights and reporting. AI and ML risk support Contribute to cyber-AI risk assessments, focusing on the security and governance of open-source machine learning tools and large language model (LLM) integrations. Assist in documenting risks related to data privacy, model security, and supply-chain vulnerabilities. Support the development of mitigation strategies and tracking of open AI-related risks. Policy and compliance support Assist in reviewing, updating, and publishing cybersecurity policies and procedures to ensure alignment with evolving best practices and regulatory requirements. Help manage the Written Information Security Program (WISP) and related documentation. Support mock assessments and evidence collection for frameworks such as ISO 27001 and NIST CSF to prepare for external audits. Security awareness and training Assist in designing, executing, and analyzing phishing simulations and security awareness campaigns. Help deliver cybersecurity training sessions, gather feedback, and identify opportunities for improvement. Contribute to the development of shorter, focused training modules to increase employee engagement and knowledge retention. Qualifications
Enrolled in a Computer Science or a related field bachelor's degree program at an accredited college/university. A GPA of 3.0 or higher is preferred. Strong Windows OS background. Strong written and verbal communication skills. Must be well-organized and have the ability to work in a team environment. Ability to manage responsibilities in a fast-paced environment. Able to take direction needed to resolve incidents quickly and effectively. Able to complete routine tasks independently over time. This includes gaining the functional, technical, and problem-solving skills needed to complete assignments.